PERFORCE change 164010 for review
Robert Watson
rwatson at FreeBSD.org
Wed Jun 10 15:30:43 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=164010
Change 164010 by rwatson at rwatson_freebsd_capabilities on 2009/06/10 15:29:51
Provide an argv[] argument fo lch_start() so that arguments can be
passed to the agent.
Properly set up capability for libz.zo.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#4 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#6 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#4 (text+ko) ====
@@ -47,7 +47,7 @@
.Ft int
.Fn lc_limitfd "int fd" "cap_rights_t rights"
.Ft int
-.Fn lch_start "const char *agent" "struct lc_agent **lcap"
+.Fn lch_start "const char *agent" "char *const argv[]" "struct lc_agent **lcap"
.Ft void
.Fn lch_stop "struct lc_agent *lcap"
.Ft int
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#6 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#5 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#6 $
*/
#ifndef _LIBCAPABILITY_H_
@@ -47,7 +47,8 @@
/*
* Interfaces to start and stop capability mode agents.
*/
-int lch_start(const char *agent, struct lc_agent **lcapp);
+int lch_start(const char *agent, char *const argv[],
+ struct lc_agent **lcapp);
void lch_stop(struct lc_agent *lcap);
/*
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#5 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#4 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#5 $
*/
#include <sys/types.h>
@@ -139,7 +139,8 @@
}
static void
-lch_agent(int fd_sock, int fd_agent, int fd_ldso, int fd_libc, int fd_libz)
+lch_agent(int fd_sock, int fd_agent, int fd_ldso, int fd_libc, int fd_libz,
+ char *const argv[])
{
char *env_caplibindex, *env_libcapability_agent_api;
int fd_array[8], fd_devnull;
@@ -158,6 +159,8 @@
return;
if (lc_limitfd(fd_libc, LIBCAPABILITY_CAPMASK_LIBC) < 0)
return;
+ if (lc_limitfd(fd_libz, LIBCAPABILITY_CAPMASK_LIBZ) < 0)
+ return;
fd_array[0] = fd_devnull;
fd_array[1] = fd_devnull;
@@ -196,11 +199,11 @@
if (cap_enter() < 0)
return;
- (void)fexecve(5, ldso_argv, environ);
+ (void)fexecve(5, argv, environ);
}
int
-lch_start(const char *agent, struct lc_agent **lcapp)
+lch_start(const char *agent, char *const argv[], struct lc_agent **lcapp)
{
struct lc_agent *lcap;
int fd_agent, fd_ldso, fd_libc, fd_libz, fd_procdesc, fd_sockpair[2];
@@ -249,7 +252,7 @@
}
if (pid == 0) {
lch_agent(fd_sockpair[1], fd_agent, fd_ldso, fd_libc,
- fd_libz);
+ fd_libz, argv);
exit(-1);
}
close(fd_libz);
More information about the p4-projects
mailing list